Fix exception for empty basic auth header token

fixes spring-projectsgh-7976
This commit is contained in:
Zeeshan Adnan
2020-03-13 02:32:19 +06:00
committed by Eleftheria Stein
parent 5e0e5b6ed4
commit dfa78804a8
3 changed files with 28 additions and 0 deletions

View File

@@ -111,4 +111,12 @@ public class BasicAuthenticationConverterTests {
assertThat(authentication.getName()).isEqualTo("rod");
assertThat(authentication.getCredentials()).isEqualTo("");
}
@Test(expected = BadCredentialsException.class)
public void requestWhenEmptyBasicAuthorizationHeaderTokenThenError() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic ");
converter.convert(request);
}
}

View File

@@ -424,4 +424,20 @@ public class BasicAuthenticationFilterTests {
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
@Test
public void requestWhenEmptyBasicAuthorizationHeaderTokenThenUnauthorized() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic ");
request.setServletPath("/some_file.html");
request.setSession(new MockHttpSession());
final MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain chain = mock(FilterChain.class);
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(any(ServletRequest.class),
any(ServletResponse.class));
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
assertThat(response.getStatus()).isEqualTo(401);
}
}